How do I display that monospace font?

Discussion in 'Wii U - Hacking & Backup Loaders' started by CosmoCortney, Apr 18, 2016.

  1. CosmoCortney
    OP

    CosmoCortney The Hacker Furry

    Member
    1,579
    1,490
    Apr 18, 2013
    Germany
    on the cool side of the pillow
    Hello,
    I've been working on code types for cheat codes and thought it'd be great to have a code type that outputs text without freezing/pausing the game and turning the screen black.
    Just using that monospace font you can see when an exploit fails.
    So we could easily display any value of the RAM on screen.

    The problem is I don't know how to call up this function. The code handler is being executed by a hijacked rpl in the RAM. @BullyWiiPlaza has compiled some .bin files for me that call up the print function. I can load them into RAM but don't know where to branch the execution on it and where to exit it from there.

    But this should be possible. Here you can see something similar being done with Wind Waker (GCN version)
     

  2. BullyWiiPlaza

    BullyWiiPlaza Nintendo Hacking <3

    Member
    1,773
    1,441
    Aug 2, 2014
    Germany
    Try to load the assembly into the RAM fully somewhere and branch to it from the rpl assembly. Then make another branch back to where you came from (to the next instruction in the rpl). This should be similar to how you did it with the code handler injection. Theoretically it should then display the text. Or maybe I'm misunderstanding your problem?
     
    Last edited by BullyWiiPlaza, Apr 18, 2016
  3. CosmoCortney
    OP

    That's what I tried before, do you remember?
    The problem is that the first .word of the code doesn't look like the beginning of the code.
    It begins with a stwu instruction which doesn't make sense there:
    upload_2016-4-18_20-9-10.png

    Should I branch to the mflr instruction?
     
  4. BullyWiiPlaza

    It doesn't make sense to you but this is the function for printing the text to the screen. Branch to the stwu.
     
  5. CosmoCortney
    OP

    Hmm.. ok, well, from where should I branch back to the code handler?
    Overwrite the last blr with a branch instruction?
     
  6. BullyWiiPlaza

    blr already returns to the address in the link register. You can use mtlr followed by a register to write its content to the link register. For example, you can replace blr with the following to decide where to return to:
    Code:
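    lis r0, 0xRETURN        # upper 16 bits of the return address
    ori r0, r0, 0xADDRESS   # lower 16 bits of the return address
    mtlr r0                 # copy r0 into the link register
    blr                     # branch to the address now in LR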
    Or maybe a simple always branch would work too:
    Code:
    b 0xRETURN_ADDRESS
     
    Last edited by BullyWiiPlaza, Apr 18, 2016
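
Added example, not part of any post in the thread: a PowerPC `b` is relative and carries a signed 26-bit displacement, so the single-branch return only works within about 32 MB of the loaded code, while the lis/ori/mtlr/blr sequence reaches any 32-bit address. The helper names and the sample addresses below are constructed for illustration.

```python
import struct

B_MIN, B_MAX = -0x2000000, 0x1FFFFFC  # reach of the signed 26-bit displacement


def b_reaches(src, dst):
    """True when a relative branch placed at src can reach dst."""
    return B_MIN <= dst - src <= B_MAX


def encode_b(src, dst, link=False):
    """Encode a relative b/bl placed at src that targets dst (I-form, opcode 18)."""
    if (dst - src) % 4:
        raise ValueError("branch displacement must be a multiple of 4")
    if not b_reaches(src, dst):
        raise ValueError("target out of range for a relative branch")
    return 0x48000000 | ((dst - src) & 0x03FFFFFC) | int(link)


def encode_return_via_lr(dst, reg=0):
    """Encode lis/ori/mtlr/blr, which can return to any 32-bit address."""
    hi, lo = (dst >> 16) & 0xFFFF, dst & 0xFFFF
    return [
        0x3C000000 | reg << 21 | hi,              # lis  reg, hi
        0x60000000 | reg << 21 | reg << 16 | lo,  # ori  reg, reg, lo
        0x7C0803A6 | reg << 21,                   # mtlr reg
        0x4E800020,                               # blr
    ]


def return_stub(src, dst):
    """Use the single b when it reaches, otherwise the four-instruction form."""
    if b_reaches(src, dst):
        words = [encode_b(src, dst)]
    else:
        words = encode_return_via_lr(dst)
    # PowerPC instructions are stored big-endian, one 32-bit word each.
    return struct.pack(">%dI" % len(words), *words)


if __name__ == "__main__":
    # Constructed addresses, not taken from the thread.
    print(return_stub(0x01000100, 0x01000200).hex())  # near target: one b
    print(return_stub(0x10000000, 0x02000000).hex())  # far target: via LR
```

The LR form overwrites both the chosen register and the link register, so it only fits where the caller's values in them are no longer needed.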